June 8, 2007 – The Office of Management and Budget (OMB) has told government agencies that they must end the practice of using Social Security Numbers as unique identifiers wherever possible. The directive means that government agencies will need to review their electronic and paper files and begin the process of deleting SSNs from them wherever possible. They have set a tentative deadline of April, 2009 to accomplish this goal.

The decision by OMB presents a huge problem for the federal government. Dave Combs, Chief Information Officer for the Department of Agriculture said that the task is daunting. "Every personnel folder in the federal government is chock full of SSNs. There are lots of systems, and you can’t just snap your fingers and change it overnight."

Comb’s may have actually understated the problem. Anyone who submits a resume to the government as a part of job application is required to place their SSN on the resume itself. This is a practice that organizations such as ACCESS warn consumers against in the private sector. Even government time cards for hourly employees have SSNs printed on them.

The OMB has identified 10,595 government systems that include personal information. Every one of these systems will need to be examined and scrubbed if they contain SSNs. All of these systems will need to be examined over the next 18 months.

The purpose of the new rules is simple. The OMB is concerned that the federal government has done a relatively poor job of maintaining data securely. Last year’s data breach at the Department of Veterans Affairs brought national attention to the issue, but this certainly wasn’t the only problem faced by federal agencies. In the last report card on data security issued by the Government Reform Committee, the government received a D+ in overall data security. Many agencies received individual scores of "F".

The decision by OMB will be good for consumers. It means that government agencies will no longer be able to use SSNs just because "that’s the way it’s always been done." From now on, they will need a good reason for their use. That is of course if each agency is able to comply with the rules. There is a pretty good chance that many agencies will ask for extensions to the time table. There is an equally good chance that some government computer systems will be overlooked in this process. Even so, this is a positive step forward for privacy rights.

by Jim Malmberg

Only registered users can write comments.
Please login or register.